With the enforcement date looming, now is the time for organizations to determine whether the EU’s new General Data Protection Regulation (GDPR) applies to their business, and to sort out steps to take in preparation for the law’s enforcement. First things first – do you need to worry about GDPR? Answer these questions to find out.

Here are a few fast facts about GDPR:

What is GDPR and when is it effective?

General Data Protection Regulation (GDPR) is the EU’s new regulation designed to govern the collection, storage, and usage of private information. The regulation was created in 2016 and has an enforcement effective date of May 25, 2018.

What is the regulation’s intent?

In short, the regulation is intended to provide citizens of the EU with more control over their personal information. The law aims to unify privacy laws in the EU and sets strict standards for the collection and storage of private information, with unprecedented requirements surrounding consent, inventory accounting, demonstration of compliance, and notification of potential data breaches. While governed by the EU, GDPR will apply to any organization that collects or processes data of EU citizens, regardless of where the business is located.

What are the ramifications of non-compliance?

Non-compliance could have crippling consequences. Penalties for non-compliant companies that experience breaches could be up to 20 million euros (about $24,000,000 USD), or 4% of the company’s global revenue – whichever of the two is larger.

As we begin 2018, there are three areas to keep an eye on due to the uptick of claims and changing landscape: property, cyber and data security, and employment practices liability.

Property

In 2017, the US experienced many natural disasters. Damages from Hurricanes Harvey, Irma, and Maria and the California fires are expected to result in record property losses. We can anticipate an increase in premiums for all property, including vehicles. Auto premiums are already through the roof because of an increase in claims and expenses due to distracted driving and expensive technology. With almost 1 million cars lost during the hurricanes, the rates are bound to increase further.

Takeaway: 2017 losses were at a record high, but there is ample surplus in the insurance marketplace to absorb these claims. This year, we expect insurance companies to increase rates. If you have a favorable claims history, work with your broker to maintain your current pricing.

Cyber crime has become the new norm, with 39% of breaches targeting companies smaller than $100M in revenue[1]. And while healthcare, retail, financial and educational organizations are frequent targets, every company has data and money that the hackers would love to get their hands on. Traditionally, we’ve seen attacks ranging from hacking servers for customer information, to hacking stolen laptops, and spear phishing emails where the hacker sends an email from the traveling CEO or CFO to request a wire transfer to a specific company. During tax season, they have even been sending spear phishing emails to the Human Resources or Finance department to target employees’ W2s.

But cyber hackers are creative and they are always looking for new angles to catch companies off guard.

In the past week, two of our clients have experienced a cyber breach involving some less frequent strategies.

Compromising an Amazon store login and diverting funds to a new banking account

Spoofing a vendor’s email to request payment to a new account

It’s clear that hackers are getting smarter and using new angles to target businesses. To mitigate your company’s risk, it’s crucial to be vigilant and aware of new types of attempts to steal money and information. Be mindful and train your employees to recognize phishing emails and scams. Confirm requests for changes via a different mode of communication. For example, if the request came in via email, then call a known number to confirm the requested change. Beazley Insurance offers additional employee training on phishing here.

For companies seeking proven protection for their cyber, network security and privacy exposures, a Cyber/Data Breach insurance policy remains the best and most affordable insurance solution. Follow our blog to stay up to date with the latest cyber security and insurance trends.

Last year, the IRS estimated income tax fraud would cost taxpayers roughly $21 billion[1]. The upcoming tax season is expected to bring more losses from phishing scams due to the amount of personal information (W-2s, tax returns, social security numbers, etc.) circulating during tax season and the increased sophistication of the attacks.

Hackers use phishing emails to convince employees (typically in the Human Resources or Finance departments) to send over personal information about employees, often by email. These types of emails are deceiving, with many disguised to look like they are coming from company executives, such as the CEO. Once received by the hacker, this personal information allows them to file a tax return, cash in on someone’s tax refund or steal their identity. The process is quick as hackers have machines set up to take advantage of this information almost as soon as they receive it.

Common Phishing Emails

The IRS reported that the following are some common phishing emails to look out for:[2]

Thanks to a number of high profile cases of cyber theft, many companies are aware of the threat of a cyber or data breach. Most know that it’s no longer a matter of “if” but “when” they will get hit. After all, every company has information hackers can profit from such as stolen identities, credit card information or proprietary secrets, to name a few.

Big companies usually make the headlines when hackers compromise the confidentiality of millions of customers, but the truth is that 60% of all cyber breaches last year involved small and midsize businesses.

What’s more, many small to midsize firms that are typically prudent in other aspects of their business haven’t taken the time to understand the data security threat, nor are they effectively managing the issue, according to new survey data from MMA.

Unprepared and Unaware

The 12-page report, 2015/2016 Cyber & Data Security Risk Survey for Small and Midsize Employers, highlights the fact that many are underestimating the potential danger to their business. Notably, the survey found the following:

Just 6% of the respondents said they thought their organization’s data security was “bomb proof.”

2% said they did not have a corporate recovery plan to deal with the loss of confidential, personally identifiable information.

9% said their organization did not have the expertise to develop any kind of data security plan.

Not surprisingly, those organizations that regularly talk about data security and risk management at the C-level are twice as likely to have implemented a recovery program to help manage a data security breach.

What To Do

Do something. Most companies get overwhelmed even thinking about how to prepare or prevent cyber attacks. From our experience, preparation is key to a company’s success in surviving a data breach. And that preparation can be as simple as 1-2-3.

On April 11, 2016, a Virginia federal appeals court upheld a lower court ruling that a data security breach is covered by a General Liability (GL) policy. The specific ruling in Travelers Indemnity Company of America (Travelers) v. Portal Healthcare Solutions (Portal) ties back to the accidental publication of private medical records on the internet.

This breach arose in 2013 when two individuals searched their names on Google and found their private medical records from Glen Falls Hospital at the top of the search results. The two individuals subsequently sued the Glen Falls Hospital and Portal Healthcare Solutions, the company hired to secure patient records, for this privacy violation. During the trial, Travelers, who had issued two separate GL policies to Portal during the 4-month period the records were exposed, declined to provide a defense. The court ruling mandates that Travelers defend Portal.

This appears to be a groundbreaking ruling that marginalizes Cyber/Data Breach insurance policies, correct? Not so fast. Before you reconsider Cyber/Data Breach insurance or plan to rely on your GL policy to protect you against data breaches, consider these facts:

Between continued implementation of the Affordable Care Act and the introduction of ICD-10 medical billing codes, 2015 was a year of significant change in the healthcare insurance landscape. The overall market trends continue to be positive in many lines of coverage, but issues surrounding electronic medical records, ICD-10 coding, and the ever-changing regulatory landscape have created additional uncertainty in the marketplace.

Now a couple months into 2016, let’s take a look at trends and changes in six specific areas of healthcare insurance: Professional Liability, Executive Risk, Cyber & Data Security, Billing Errors and Omissions, Managed Care Errors and Omissions, and Workers’ Compensation.

Professional Liability

The marketplace for Professional Liability continues to trend favorably in terms of frequency, but severity is on the rise at a similar rate. Overall, the increase in severity and decrease in frequency offset each other, creating a generally stable and highly competitive marketplace. Insureds can anticipate rates remaining flat or seeing as much as a 5% decrease.

With the Super Bowl only a few days away, both teams are undoubtedly using every minute to prepare for the upcoming game. In 2015, we watched the defeat of the Seattle Seahawks after they ignored the most obvious play they could make to win the game. With twenty-five seconds remaining and one yard left to go, the Seahawks passed the ball instead of utilizing their star running back. What happened next will be discussed and debated by football fans for years to come. New England Patriots’ newbie, Malcolm Butler, intercepted the ball for the game-winning play.

Just like in sports, businesses sometimes overthink their choices, missing the most obvious play. Today, the obvious, smart play for all businesses is to have cyber liability coverage and a plan to address a cyber-breach. Yet, even with the awareness of the threat of cyber-breach, many businesses still haven’t taken action. Ignoring this easy safeguard could lead you to a big blunder, leaving your customers wondering why the most obvious route wasn’t taken, just as Seahawks fans questioned why their team didn’t utilize one of their best assets.